<?php
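session_start();

// Admin "edit user" form handler: optionally deletes the account, otherwise
// updates the password and any changed profile fields, then redirects back
// to the user list.
//
// NOTE(review): the session is started but never consulted in this script.
// Unless std_dbs.php enforces it, an administrator check and a CSRF token
// check belong here, before any of the writes below — TODO confirm.

// Read one POST field as a string. Missing fields and non-string values
// (e.g. "field[]=x" arrays) become '' so they can be bound safely.
$postString = function ($key) {
	return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Raw form values. Nothing is escaped here: every value reaches Oracle only
// as a bind variable, never as part of the SQL text.
$uid = $postString('userid');
$role = $postString('role');
$user = $postString('username');
$pw = $postString('password');
$fname = $postString('fname');
$lname = $postString('lname');
$zipcode = $postString('zipcode');
$email = $postString('email');


include("std_dbs.php"); // presumably defines $connect (the OCI8 connection); it is not defined in this file

// Parse $sql, bind every entry of $binds (':name' => value) and execute it.
// Returns the statement handle, or false after logging the Oracle error.
$runStatement = function ($connect, $sql, $binds) {
	$stmt = oci_parse($connect, $sql);
	if ($stmt === false) {
		$err = oci_error($connect);
		error_log('edit user: parse failed: ' . (is_array($err) ? $err['message'] : 'unknown error'));
		return false;
	}
	foreach (array_keys($binds) as $name) {
		// Bind the array slot itself: oci_bind_by_name keeps a reference to
		// the variable until execute, so a per-iteration copy would be wrong.
		if (!oci_bind_by_name($stmt, $name, $binds[$name])) {
			$err = oci_error($stmt);
			error_log('edit user: bind failed: ' . (is_array($err) ? $err['message'] : 'unknown error'));
			return false;
		}
	}
	if (!oci_execute($stmt)) {
		$err = oci_error($stmt);
		error_log('edit user: execute failed: ' . (is_array($err) ? $err['message'] : 'unknown error'));
		return false;
	}
	return $stmt;
};

// Without a user id there is nothing to edit.
if ($uid === '') {
	header('Location: admin.php#Users');
	exit;
}

//check for delete
if ($postString('check') === 'checked') {
	// NOTE(review): only the AUTHENTICATE row is removed; the USERS row is
	// left in place — confirm that is intended.
	$runStatement($connect, 'DELETE FROM AUTHENTICATE WHERE UserID = :userid', array(':userid' => $uid));
	header('Location: admin.php#Users');
	// header() does not stop the script; without this the updates below
	// would still run for the account that was just deleted.
	exit;
}


//Salt
if ($pw !== '') {//new password was entered
	// NOTE(review): SHA-1 salted with the username is a fast hash and is not
	// suitable for password storage. The scheme is kept unchanged because the
	// login code (not shown) has to compute the same value; move both sides to
	// password_hash()/password_verify(). The salt is the *posted* username,
	// which this script never stores — verify it always matches USERNAME.
	$password = sha1(sha1($pw) . $user);
	$runStatement(
		$connect,
		'UPDATE Authenticate SET Password = :pwhash WHERE UserID = :userid',
		array(':pwhash' => $password, ':userid' => $uid)
	);
}

//get original user information
// The two tables are joined on USERID. The previous comma join had no join
// condition and an unqualified UserID in WHERE, which is ambiguous when both
// tables carry that column.
$lookup = $runStatement(
	$connect,
	'SELECT u.USERID, ROLE, USERNAME, FNAME, LNAME, ZIPCODE, EMAIL'
	. ' FROM USERS u JOIN AUTHENTICATE a ON a.USERID = u.USERID'
	. ' WHERE u.USERID = :userid',
	array(':userid' => $uid)
);
// OCI_RETURN_NULLS keeps NULL columns in the row so the lookups below never
// hit a missing key.
$row = ($lookup !== false) ? oci_fetch_array($lookup, OCI_ASSOC + OCI_RETURN_NULLS) : false;

//check for changes
if (is_array($row)) {
	// table, column to set, key in $row, submitted value.
	// Table and column names are fixed literals; only values are user input.
	// NOTE(review): $role is written as submitted; validate it against the
	// application's list of roles before this point.
	$fields = array(
		array('Authenticate', 'Role', 'ROLE', $role),
		array('Users', 'FName', 'FNAME', $fname),
		array('Users', 'LName', 'LNAME', $lname),
		array('Users', 'ZIPCODE', 'ZIPCODE', $zipcode),
		array('Users', 'EMAIL', 'EMAIL', $email),
	);
	foreach ($fields as $field) {
		list($table, $column, $rowKey, $submitted) = $field;
		// Strict string comparison: with != the numeric strings '01234' and
		// '1234' compare equal, so a changed zip code was silently dropped.
		if ($submitted !== (string) $row[$rowKey]) {
			$runStatement(
				$connect,
				'UPDATE ' . $table . ' SET ' . $column . ' = :newval WHERE UserID = :userid',
				array(':newval' => $submitted, ':userid' => $uid)
			);
		}
	}
}

header('Location: admin.php#Users');
exit;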

?>

